
Virtual IP for enable RDP



I'm trying to configure the settings on the FortiGate to enable RDP to a server, but it is not working.

I made the Virtual IP settings and I created the policy:


What is the problem?



Name: RDP_virtualIP

External Interface: wan1

External IP: 999.999.999.999 (I put the correct external ISP IP)

Mapped IP:

Port forwarding: enabled

External service port: 3389/3389

Map to Port: 3389/3389



From: wan1

To: vlan100

Source: all

Destination: RDP_virtualIP

Nat: disabled


In the logs I can see the PC outside that is trying to connect; it is not being blocked, but it doesn't work.

I placed the policy at the top of the rules, but that didn't work either.


Ok, strange issue. I guess nothing worked? :)


If you enable NAT, can you collect the output of "diag sniff packet any 'host' 4" at the same time you try to connect? Just want to see if there are any ARP requests or similar to


Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden


It would also still be very useful to review any logs generated on the server itself once connection attempts are made.

Regards, Chris McMullan Fortinet Ottawa




Perhaps you can provide the CLI script equivalent; we may be able to spot something. E.g.:


    config firewall service custom
        edit "rdp-port-list"
            set tcp-portrange 3389-3389:0-65535
        next
    end
    config firewall vip
        edit "RDP-Server1"
            set extintf "wan1"
            set portforward enable
            set mappedip
            set extport 3389
            set mappedport 3389
        next
    end
    config firewall policy
        edit 0
            set srcintf "wan1"
            set dstintf "dmz_net"
            set srcaddr "remote-admin-pc"
            set dstaddr "RDP-Server1"
            set action accept
            set schedule "always"
            set service "rdp-port-list"
            set nat enable
        next
    end


NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C


Solved the problem: I just changed the port to 3386 in the Windows registry

(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber) and now it is working.


But I didn't understand why 3389 doesn't work.
